blog-scraper
Warn
Audited by Socket on Mar 24, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: RSS scraping behavior is aligned with the stated purpose and uses a standard PyPI dependency, but the optional fallback relies on an unpinned third-party Apify Store actor outside the publisher's control. The requested Apify token is proportionate, yet forwarding it into community-hosted actor execution raises medium supply-chain and credential-forwarding risk.
Confidence: 85%
Severity: 58%
Audit Metadata